Unbound DNS Cache Server
APACHE-2.0 License
docker run -itd --name unbound \
-p 53:53/tcp \
-p 53:53/udp \
satishweb/unbound
services:
  unbound:
    image: satishweb/unbound
    hostname: unbound
    networks:
      - default
    environment:
      DEBUG: "0"
      # DOMAIN_WHITELIST: "domain1.com domain2.com subdomain.domain3.com"
      SOURCE_StevenBlack_Unified_Hosts: "true"
      SOURCE_StevenBlack_Fakenews: "true"
      SOURCE_StevenBlack_Gambling: "true"
      SOURCE_StevenBlack_Porn: "true"
      SOURCE_TheGreatWall_Default: "true"
      SOURCE_AdWars_Default: "true"
      SOURCE_VeleSila_Default: "true"
      SOURCE_Tiuxo_Default: "true"
    volumes:
      # - ./unbound.conf:/etc/unbound/unbound.conf # For custom config
      # Mount app-config script with your customizations
      # - ./app-config:/app-config
    deploy:
      replicas: 1
      # placement:
      #   constraints:
      #     - node.labels.type == worker
    labels:
      - "com.satishweb.description=Unbound DNS Cache Service"
wget https://github.com/satishweb/docker-doh/archive/v2.3.3.zip
unzip v2.3.3.zip
cp -rf docker-doh-2.3.3/examples/docker-compose-doh-server doh-server
rm -rf v2.3.3.zip docker-doh-2.3.3
cd doh-server
EMAIL=[email protected]
DOMAIN=example.com
SUBDOMAIN=dns
AWS_ACCESS_KEY_ID=AKIKJ_CHANGE_ME_FKGAFVA
AWS_SECRET_ACCESS_KEY=Nx3yKjujG8kjj_CHANGE_ME_Z/FnMjhfJHFvEMRY3
AWS_REGION=us-east-1
AWS_HOSTED_ZONE_ID=Z268_CHANGE_ME_IQT2CE6
DOMAIN_WHITELIST="domain1.com domain2.com subdomain.domain3.com"
./launch.sh
mkdir -p data/unbound/custom
vi data/unbound/custom/custom.hosts
Contents:
local-zone: "SUB1.example.com" redirect
local-data: "SUB1.example.com A 192.168.0.100"
local-zone: "SUB2.example.com" redirect
local-data: "SUB2.example.com A 192.168.0.101"
https://dns.example.com/getnsrecord
curl -w '\n' 'https://dns.example.com/getnsrecord?name=google.com&type=A'
Note: If you are using an IAM account for R53 access, please make sure the permissions below are added to its access policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"route53:GetChange",
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/*",
"arn:aws:route53:::change/*"
]
},
{
"Sid": "",
"Effect": "Allow",
"Action": "route53:ListHostedZonesByName",
"Resource": "*"
}
]
}
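The policy above allows record changes in every hosted zone of the account (`hostedzone/*`). The following added example, which is not part of the original project, flags those grants and produces a copy limited to a single zone. The function names and `ZONE_ID_PLACEHOLDER` are hypothetical; substitute the value you set in AWS_HOSTED_ZONE_ID.

```python
import copy
import json

# The policy shown on the page, copied here as input for the check.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "", "Effect": "Allow",
         "Action": ["route53:GetChange", "route53:ChangeResourceRecordSets",
                    "route53:ListResourceRecordSets"],
         "Resource": ["arn:aws:route53:::hostedzone/*",
                      "arn:aws:route53:::change/*"]},
        {"Sid": "", "Effect": "Allow",
         "Action": "route53:ListHostedZonesByName", "Resource": "*"},
    ],
}

ANY_ZONE = "arn:aws:route53:::hostedzone/*"
# Actions that read or change records inside one hosted zone.
ZONE_ACTIONS = {"route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def wildcard_zone_grants(policy):
    """Return (statement index, action) pairs that allow a zone action on all zones."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        resources = _as_list(stmt.get("Resource", []))
        if stmt.get("Effect") != "Allow" or not {ANY_ZONE, "*"} & set(resources):
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action in ZONE_ACTIONS or action in ("route53:*", "*"):
                findings.append((i, action))
    return findings

def scope_to_zone(policy, zone_id):
    """Return a copy with hostedzone/* narrowed to one zone; other ARNs are kept."""
    scoped = copy.deepcopy(policy)
    for stmt in scoped["Statement"]:
        if "Resource" in stmt:
            stmt["Resource"] = [
                f"arn:aws:route53:::hostedzone/{zone_id}" if r == ANY_ZONE else r
                for r in _as_list(stmt["Resource"])]
    return scoped

# ZONE_ID_PLACEHOLDER is a placeholder, not a real hosted zone ID.
if __name__ == "__main__":
    print(wildcard_zone_grants(PAGE_POLICY))
    print(json.dumps(scope_to_zone(PAGE_POLICY, "ZONE_ID_PLACEHOLDER"), indent=2))
```

`route53:ListHostedZonesByName` stays on `"Resource": "*"` because it is not scoped to a hosted zone.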
Cannot bind port 53 for the unbound service
sudo service systemd-resolved stop;sudo apt-get -y purge systemd-resolved
and then retry.
Cannot bind ports 80 and 443 for the proxy service.
Note: This will make all client systems/phones connected to your router use your DNS server.
Note: This will not make clients use DoH, but they will end up using the unbound private DNS service that protects you from your ISP.
https://developers.cloudflare.com/argo-tunnel/downloads/
proxy-dns: true
proxy-dns-upstream:
- https://dns.example.com/getnsrecord
Note: You will need to ensure dnsmasq is uninstalled from your client system before using cloudflared
https://play.google.com/store/apps/details?id=app.intra&hl=en_US
Intra App -> Settings -> Select DNS over HTTPS Server -> Custom server URL
Value: https://dns.example.com/getnsrecord
docker build . --no-cache -t satishweb/unbound
docker pull satishweb/unbound